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Art Unit: 2135 

DETAILED ACTION 

Claims 1-32 are pending. 

This Office action in response to amendment filed 4/8/2008. 

Below, Examiner has pointed out particular references contained in the prior 
art(s) of record in the body of this action for the convenience of the applicant. Although 
the specified citations are representative of the teachings in the art and are applied to 
the specific limitations within the individual claims, other passages and figures may 
apply as well. Applicant should consider the entire prior art as applicable as to the 
limitations of the claims. It is respectfully requested from the applicant, in preparing the 
response, to consider fully each reference in its entirety as potentially teaching all or 
part of the claimed invention, as well as the context of the passage as taught by the 
prior arts or disclosed by the examiner. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1. Claims 1, 3, 5, 6, 8, 10-12, 15, 17-21, and 25-28, 30-32 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Rawson (US 6,182,223), hereafter "Rawson" 
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in view of Mitchem, T.; Lu, R.; O'Brien, R; Using Kernel Hypervisors to Secure 
Applications, IEEE, Dec. 1997 Page(s): 175-181, hereafter "Mitchem ", in view of 
Lettvin (US 5,559,960), hereafter "Lettvin". 

Considering Claims 1, 8, 15, and 23, Rawson discloses a method to provide 
network traffic support and physical security support (abstract) comprising: identifying at 
least one of a network traffic intrusion event and a physical security intrusion event with 
the VMM (column 6- lines 4-20); and implementing at least one of a network traffic 
support and a physical security support in response to the at least one of the network 
traffic intrusion event and the physical security intrusion event (column 4- lines 12-27). 
Rawson does not explicitly disclose initializing a virtual machine monitor (VMM) in a 
processor system during a pre-boot phase. 

Mitchem discloses initializing a virtual machine monitor (p. 179- 3.2- Client Kernel 
Hypervisors, U 1-2). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify Rawson by initializing the VMM as taught by 
Mitchem in order to protect a user, browsing on the internet, from downloading and 
executing malicious active content that might damage the user's system (Mitchem- p. 
179- 3.2 Client Hypervisors, U 2). 

The combination of Rawson and Mitchem does not explicitly disclose the VMM is 
initialized during a pre-boot phase. 

Lettvin discloses initializing a virtual machine monitor (VMM) in a processor system 
during a pre-boot phase (column 7-lines 23-67, column 8- lines 1-17, Fig. 3). 
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Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the combination of Rawson and Mitchem by 
initializing the VMM during a pre-boot phase as taught by Lettvin to provide a startup 
disk that causes the computer to automatically execute anti-virus software each time the 
computer starts from the disk, i.e., during bootstrap, so as to detect bootstrap time 
viruses before or after they have executed and implanted themselves in the system 
(Lettvin- column 2- lines 56-61). 

Considering Claims 3, 10, 17, 18, 25, and 26, the combination discloses 
identifying the at least one of the network traffic intrusion event and the physical security 
intrusion event with the VMM comprises detecting opening of a chassis associated of 
the processor system via a chassis intrusion switch (Rawson- column 3- lines 4-1 1 , 
column 6- lines 4-19). 

Considering Claims 5, 12, 20, and 28, the combination discloses implementing 
the at least one of the network traffic support and the physical security support 
comprises disabling the processor system in response to identifying the physical 
security intrusion event (Rawson- column 4- lines 21-27). 

Considering Claim 6, the combination discloses identifying a user authorization 
for the physical security intrusion event of the processor system (Rawson- column 4- 
lines 1-27). 

Considering Claim 14, the combination discloses the machine readable medium 
comprises one of a programmable gate array, application specific integrated circuit, 
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erasable programmable read only memory, read only memory, random access memory, 
magnetic media, and optical media. 

Rawson does disclose the machine readable medium comprises one of a 
programmable gate array, application specific integrated circuit, erasable programmable 
read only memory, read only memory, random access memory, magnetic media, and 
optical media (Lettvin- abstract, column 6- lines 15-39, Fig. 1). 

Considering Claim 21, the combination discloses the data structure comprises a 
flash memory (Lettvin- abstract, column 2- lines 56-61). 

Considering Claim 30, the combination discloses the VMM continuously 
identifies the at least one traffic intrusion and physical security intrusion event (Rawson- 
column 6- lines 4-20, Mitchem- p. 179- 3.2 Client Hypervisors, U 2). 

Considering Claim 32, the combination discloses initializing a plurality of virtual 
machines, wherein each of the plurality of virtual machines operates like a complete 
physical machine that can run its own operating system (Mitchem- Introduction, U 1-2). 
2. Claims 2, 4, 7, 9, 11, 13, 16, 19, 22, 24, 27, 29, and 31 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Rawson, Lettvin, and Mitchem in view of 
Suuronen et al. (US 2003/0145228), hereafter "Suuronen". 

Considering Claims 2, 9, 16, and 24, the combination does not explicitly disclose 
identifying the at least one of the network traffic intrusion event and the physical security 
intrusion event with the VMM comprises detecting at least one of a packet accessing a 
restricted port, a packet associated with a virus identifier, a SYN packet, and an alert 
standard format packet. Lettvin does suggest performing an integrity check on itself to 
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ascertain whether it has bee damaged, e.g., by a virus attack, and announces the 
results of the self test (Lettvin- column 7- lines 23-27). 

Suuronen discloses identifying the at least one of the network traffic intrusion event and 
the physical security intrusion event with the VMM comprises detecting at least one of a 
packet accessing a restricted port, a packet associated with a virus identifier, a SYN 
packet, and an alert standard format packet ([0005], [0010] lines 4-12, Fig. 1). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the combination by identifying a virus identifier 
associated with network traffic as taught by Suuronen in order to provide a method of 
virus protection (Suuronen- abstract). 

Considering Claims 4, 11, 19, and 27, the combination discloses implementing 
the at least one of the network traffic support and the physical security support 
comprises discarding a packet associated with network traffic in response to identifying 
the network traffic intrusion event (Suuronen- [0010] lines 4-12, Fig. 1). 

Considering Claims 7, 13, 22, and 29, the combination discloses the processor 
system is associated with at least one of a private internal network and the Internet 
(Suuronen- Fig 2, Fig. 3). 

Considering Claim 31, the combination discloses the VMM identifies both at least 
one of a network traffic intrusion event and at least one physical security intrusion event 
(Rawson- column 6- lines 4-20, Suuronen- abstract, Mitchem- p. 179, 3.2- Client 
Hypervisors, U 2). 
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Response to Arguments 

Applicant's arguments filed 4/8/2008 have been fully considered but they are not 
persuasive. 

Regarding Claims 1, 8, 15, and 23, applicant's arguments have been fully 
considered but they are not persuasive. In response to applicant's argument that the 
references may not be combined, the test for obviousness is not whether the features of 
a secondary reference may be bodily incorporated into the structure of the primary 
reference; nor is it that the claimed invention must be expressly suggested in any one or 
all of the references. Rather, the test is what the combined teachings of the references 
would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 
413, 208 USPQ 871 (CCPA 1981). 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071 , 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, modify Rawson 
by initializing the VMM as taught by Mitchem in order to protect a user, browsing on the 
internet, from downloading and executing malicious active content that might damage 
the user's system (Mitchem- p. 179- 3.2 Client Hypervisors, U 2). One of ordinary skill in 
the art at the time of the invention would have been further motivated to modify the 
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combination of Rawson and Mitchem by initializing the VMM during a pre-boot phase as 
taught by Lettvin in order to provide a startup disk that causes the computer to 
automatically execute anti-virus software each time the computer starts from the disk, 
i.e., during bootstrap, so as to detect bootstrap time viruses before or after they have 
executed and implanted themselves in the system (Lettvin- column 2- lines 56-61). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Randal D. Moran whose telephone number is 571-270- 
1255. The examiner can normally be reached on M-F: 7:30-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/R. D. M./ 

Examiner, Art Unit 2135 

7/5/2008 

/KimYen Vu/ 



Supervisory Patent Examiner, Art Unit 2135 



